Tuesday, May 12, 2015

Indicators - Geodo Malware Part 2

I have some more Geodo/Feodo indicators for you since yesterday's posting. If this keeps up, I will make a page dedicated to Geodo indicators similar to the one I created for the Houdini RAT.

Threat Name: Geodo

File Download Locations:

These are live malware files, download with caution.


Virustotal File Analysis:

9049.exe

Command and Control Servers:

Request Method: POST


Enjoy! Look out for a new indicator list for this malware.
